package com.community.common.config.shiro;

import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.servlet.Filter;
import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfiguration {

    @Bean(name = "sessionManager")
    public DefaultWebSessionManager sessionManager() {
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        // 设置session过期时间120分钟
        sessionManager.setGlobalSessionTimeout(120 * 60 * 1000L);
        return sessionManager;
    }

    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        // 设置realm.
        securityManager.setRealm(new Realm());
        securityManager.setSessionManager(sessionManager());
        return securityManager;
    }

    /**
     * ShiroFilterFactoryBean 处理拦截资源文件问题。
     * 注意：单独一个ShiroFilterFactoryBean配置是或报错的，以为在
     * 初始化ShiroFilterFactoryBean的时候需要注入：SecurityManager
     * <p>
     * Filter Chain定义说明 1、一个URL可以配置多个Filter，使用逗号分隔 2、当设置多个过滤器时，全部验证通过，才视为通过
     * 3、部分过滤器可指定参数，如perms，roles
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

        // 必须设置 SecurityManager
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();

        // 这里只能使用 new 新建实例
        //map里面key值要为authc才能使用自定义的过滤器
        filters.put("authc", new ShiroPermissionsFilter());

        // 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
        shiroFilterFactoryBean.setLoginUrl("/");
        // 登录成功后要跳转的链接
//        shiroFilterFactoryBean.setSuccessUrl("/page/main");
        // 未授权界面;
//		shiroFilterFactoryBean.setUnauthorizedUrl("/login");
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
        // 相机访问接口放行
//        filterChainDefinitionMap.put("/person/cmd", "anon");
//        filterChainDefinitionMap.put("/person/result", "anon");
//        filterChainDefinitionMap.put("/record/notice", "anon");
//
//        filterChainDefinitionMap.put("/public-user/**", "anon");
//        filterChainDefinitionMap.put("/picture/**", "anon");
//        filterChainDefinitionMap.put("/wx/**", "anon");
//        filterChainDefinitionMap.put("/lib/**", "anon");
//        filterChainDefinitionMap.put("/uploadImg/**", "anon"); // 图片访问规则，映射值磁盘某个位置，访问就以http://域名:8082/manage/uploadImg/xx.jpg访问
//        filterChainDefinitionMap.put("/community/queryAll", "anon");
//
//        filterChainDefinitionMap.put("/", "anon");
//        filterChainDefinitionMap.put("/check", "anon");
//        filterChainDefinitionMap.put("/page/login", "anon");
//        filterChainDefinitionMap.put("/page/top", "anon");
//        filterChainDefinitionMap.put("/user/**", "anon");
//        filterChainDefinitionMap.put("/css/**", "anon");
//        filterChainDefinitionMap.put("/js/**", "anon");
//        filterChainDefinitionMap.put("/img/**", "anon");
//        filterChainDefinitionMap.put("/**", "authc");

        filterChainDefinitionMap.put("/publicUser/queryAudit", "authc");
        filterChainDefinitionMap.put("/publicUser/queryPass", "authc");

        //所有接口都不鉴权 如需改动，请移除掉 公众号中调用的接口、openContoller下面的接口
        filterChainDefinitionMap.put("/**", "anon");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

        return shiroFilterFactoryBean;
    }

}